TUCoPS :: Linux :: Ubuntu :: va1256.htm

FreeType vulnerabilities
FreeType vulnerabilities
FreeType vulnerabilities




--bAmEntskrkuBymla
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

=========================================================== 
Ubuntu Security Notice USN-643-1         September 11, 2008
freetype vulnerabilities
CVE-2008-1806, CVE-2008-1807, CVE-2008-1808
==========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.04
Ubuntu 7.10
Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  libfreetype6                    2.1.10-1ubuntu2.5

Ubuntu 7.04:
  libfreetype6                    2.2.1-5ubuntu1.2

Ubuntu 7.10:
  libfreetype6                    2.3.5-1ubuntu4.7.10.1

Ubuntu 8.04 LTS:
  libfreetype6                    2.3.5-1ubuntu4.8.04.1

After a standard system upgrade you need to restart your session to
effect the necessary changes.

Details follow:

Multiple flaws were discovered in the PFB and TTF font handling code
in freetype.  If a user were tricked into using a specially crafted
font file, a remote attacker could execute arbitrary code with user
privileges or cause the application linked against freetype to crash,
leading to a denial of service.


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.1.10-1ubuntu2.5.diff.gz 
      Size/MD5:    61226 6c66dd6e70020232a317923954795f55
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.1.10-1ubuntu2.5.dsc 
      Size/MD5:      756 ae876a7d63fc19acd58839f78883568e
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.1.10.orig.tar.gz 
      Size/MD5:  1323617 adf145ce51196ad1b3054d5fb032efe6

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.1.10-1ubuntu2.5_amd64.deb 
      Size/MD5:   717504 f7f01c858678c88b72a297cfaf0c04d8
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.1=2E10-1ubuntu2.5_amd64.deb 
      Size/MD5:   439950 bd57f3d8d0de6c92313a5013cc65a9dd
http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.1.10-1ubuntu2.5_amd64.deb 
      Size/MD5:   133870 a9e289db8b44a07e560762c4b50fbb32
http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.1.10-1ubuntu2.5_amd64.udeb 
      Size/MD5:   251744 2ec43e089150ebf7e4ca76a283123bfe

  i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.1.10-1ubuntu2.5_i386.deb 
      Size/MD5:   677456 bb8a9ffe2a4129440a5f2b1580951441
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.1=2E10-1ubuntu2.5_i386.deb 
      Size/MD5:   415534 285c888edd64956294eb12401086fdf9
http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.1.10-1ubuntu2.5_i386.deb 
      Size/MD5:   117362 9f871503b252e990b134481aaee8bf05
http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.1.10-1ubuntu2.5_i386.udeb 
      Size/MD5:   227326 8edd92c819fdf564dfaf9eabb8d5bbcb

  powerpc architecture (Apple Macintosh G3/G4/G5):

http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.1.10-1ubuntu2.5_powerpc.deb 
      Size/MD5:   708442 236abfb1c77da946d4964a65330c3723
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.1=2E10-1ubuntu2.5_powerpc.deb 
      Size/MD5:   430020 f7bacfcd3b7067e055f9e1a19d652839
http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.1.10-1ubuntu2.5_powerpc.deb 
      Size/MD5:   134256 4537e50e0087a7dbbc4dbd1881f37986
http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.1.10-1ubuntu2.5_powerpc.udeb 
      Size/MD5:   241466 3cdc08267a14e7c8d318b89588850f4f

  sparc architecture (Sun SPARC/UltraSPARC):

http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.1.10-1ubuntu2.5_sparc.deb 
      Size/MD5:   683628 d65cc62a285251ba5adf654a46a9873f
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.1=2E10-1ubuntu2.5_sparc.deb 
      Size/MD5:   411058 e75386ffdb84eec8734c5a4e8e316515
http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.1.10-1ubuntu2.5_sparc.deb 
      Size/MD5:   120082 ca64eaec1f4443e7a7e483ce11d908db
http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.1.10-1ubuntu2.5_sparc.udeb 
      Size/MD5:   222480 b2bed2f9d40445aed9fdbaffde6557a0

Updated packages for Ubuntu 7.04:

  Source archives:

http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.2.1-5ubuntu1.2.diff.gz 
      Size/MD5:    34128 293369b7734de909c48a1a53a52ac9ad
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.2.1-5ubuntu1.2.dsc 
      Size/MD5:      934 c962be94c068c0267d53aef2ca8049dc
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.2.1.orig.tar.gz 
      Size/MD5:  1451392 a584e84d617c6e7919b4aef9b5106cf4

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.2.1-5ubuntu1.2_amd64.deb 
      Size/MD5:   669160 7c282fffc798a15c26611d605ab5f644
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.2=2E1-5ubuntu1.2_amd64.deb 
      Size/MD5:   355868 7c1ca824c4b99d0602f2ab3a48217daa
http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.2.1-5ubuntu1.2_amd64.deb 
      Size/MD5:   151698 1f50e1bef945a99f73ff5d7731bee945
http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.2.1-5ubuntu1.2_amd64.udeb 
      Size/MD5:   250868 53aaf7a3a775e1b0c8ca9a511db5ef27

  i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.2.1-5ubuntu1.2_i386.deb 
      Size/MD5:   640474 e231a834f099014cc68714e5ab322337
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.2=2E1-5ubuntu1.2_i386.deb 
      Size/MD5:   343826 d0aed109134464b056e44aca37e3f400
http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.2.1-5ubuntu1.2_i386.deb 
      Size/MD5:   134584 d9ba29677ab94b9b69ea726a33abe06d
http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.2.1-5ubuntu1.2_i386.udeb 
      Size/MD5:   237572 f227ea16926050038c2452360cfe0397

  powerpc architecture (Apple Macintosh G3/G4/G5):

http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.2.1-5ubuntu1.2_powerpc.deb 
      Size/MD5:   663186 7262489abc1ed1726eb60480cae9daaf
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.2=2E1-5ubuntu1.2_powerpc.deb 
      Size/MD5:   356450 eaaec2862b5ba92908353fde90e354d9
http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.2.1-5ubuntu1.2_powerpc.deb 
      Size/MD5:   160368 949d30bc1508138673acc48e4d54117a
http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.2.1-5ubuntu1.2_powerpc.udeb 
      Size/MD5:   250216 601c00ff376609db7e272a4cb22b8277

  sparc architecture (Sun SPARC/UltraSPARC):

http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.2.1-5ubuntu1.2_sparc.deb 
      Size/MD5:   635780 eee358eb58a4a274a3cf4f7924a45425
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.2=2E1-5ubuntu1.2_sparc.deb 
      Size/MD5:   328008 6fb5e77c1e11345af657f50990a23799
http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.2.1-5ubuntu1.2_sparc.deb 
      Size/MD5:   135438 e389f6f4c58408cb143fc53b5ec16f18
http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.2.1-5ubuntu1.2_sparc.udeb 
      Size/MD5:   222258 5005d2bf0ebab47b0f00ba006e4b3a3a

Updated packages for Ubuntu 7.10:

  Source archives:

http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.5-1ubuntu4.7.10.1.diff.gz 
      Size/MD5:    32392 f43351d5c56e0a6432132556581bbe59
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.5-1ubuntu4.7.10.1.dsc 
      Size/MD5:      944 4095a3dbfcc9a33f9014cb40415b9434
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.5.orig.tar.gz 
      Size/MD5:  1536077 4a5bdbe1ab92f3fe4c4816f9934a5ec2

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.3.5-1ubuntu4.7.10.1_amd64.deb 
      Size/MD5:   695776 bd34599d40b4bada4a7c942ecb73af2e
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.3=2E5-1ubuntu4.7.10.1_amd64.deb 
      Size/MD5:   363958 b94b8a86bfc9b4d377bafbe1a270d10f
http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.3.5-1ubuntu4.7.10.1_amd64.deb 
      Size/MD5:   226098 06393a425b12ba5db9edc0be0d43f5f3
http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.3.5-1ubuntu4.7.10.1_amd64.udeb 
      Size/MD5:   260832 dcafd9881766c3fe78d3981b770f5ae3

  i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.3.5-1ubuntu4.7.10.1_i386.deb 
      Size/MD5:   664184 36999d55d7900a522eeb1393440abfdb
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.3=2E5-1ubuntu4.7.10.1_i386.deb 
      Size/MD5:   348580 3317d4129d8b48e72bed79cc77007e76
http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.3.5-1ubuntu4.7.10.1_i386.deb 
      Size/MD5:   199554 b5fe08ca3fe3fc72d99e9d8774738938
http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.3.5-1ubuntu4.7.10.1_i386.udeb 
      Size/MD5:   245958 9fe1900b2a3676624c5d8bb1e0eb4719

  lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.5-1ubuntu4.7.10.1_lpia.deb 
      Size/MD5:   665092 eb05b0004a767fb5adf20b15b11a0957
http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.5-1ubuntu4.7.10.1_lpia.deb 
      Size/MD5:   348748 ef2b09db0c6afac6557bc24d4147f6a0
http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.5-1ubuntu4.7.10.1_lpia.deb 
      Size/MD5:   205274 053325b7712aa9edb70a5153626459ed
http://ports.ubuntu.com/pool/universe/f/freetype/libfreetype6-udeb_2.3.5-1ubuntu4.7.10.1_lpia.udeb 
      Size/MD5:   245988 e6a9e1d029fe308a62d726f7aed67bf9

  powerpc architecture (Apple Macintosh G3/G4/G5):

http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.3.5-1ubuntu4.7.10.1_powerpc.deb 
      Size/MD5:   688928 4431492d76055646289cd563c2fdca54
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.3=2E5-1ubuntu4.7.10.1_powerpc.deb 
      Size/MD5:   361526 a7ad92719a212856bbf09a3c421257c8
http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.3.5-1ubuntu4.7.10.1_powerpc.deb 
      Size/MD5:   234566 775ce2c35af5d64f48c76302d78b5f25
http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.3.5-1ubuntu4.7.10.1_powerpc.udeb 
      Size/MD5:   259014 083d6dfa14a395f2ea8a8cf7ebb80b08

  sparc architecture (Sun SPARC/UltraSPARC):

http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.3.5-1ubuntu4.7.10.1_sparc.deb 
      Size/MD5:   659680 966a89e882917b3395eb6252dbdb4e74
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.3=2E5-1ubuntu4.7.10.1_sparc.deb 
      Size/MD5:   333962 93a9a871a86bd6f313c330a8c36fed7c
http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.3.5-1ubuntu4.7.10.1_sparc.deb 
      Size/MD5:   201010 c2ff174e86e3e42a5aa268fa7f173d34
http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.3.5-1ubuntu4.7.10.1_sparc.udeb 
      Size/MD5:   230518 0e9fd929044df71406738e9d84c7c880

Updated packages for Ubuntu 8.04 LTS:

  Source archives:

http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.5-1ubuntu4.8.04.1.diff.gz 
      Size/MD5:    32395 2ae84145941bf1c67058decbef143652
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.5-1ubuntu4.8.04.1.dsc 
      Size/MD5:      944 bb7c3ed6113393ccd6abdb3d37300c07
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.5.orig.tar.gz 
      Size/MD5:  1536077 4a5bdbe1ab92f3fe4c4816f9934a5ec2

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.3.5-1ubuntu4.8.04.1_amd64.deb 
      Size/MD5:   694000 d3f6a9432ba6e6128ae6042ec913de9c
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.3=2E5-1ubuntu4.8.04.1_amd64.deb 
      Size/MD5:   361338 3b5f89dab8e56569d7427ac67507492c
http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.3.5-1ubuntu4.8.04.1_amd64.deb 
      Size/MD5:   221288 c27d0aa4b83a0f428b45388fade03097
http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.3.5-1ubuntu4.8.04.1_amd64.udeb 
      Size/MD5:   258196 6277f4040b0e996e87dc251a874dd439

  i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.3.5-1ubuntu4.8.04.1_i386.deb 
      Size/MD5:   663140 87fd64034becc5901e1559e9cb1301ba
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.3=2E5-1ubuntu4.8.04.1_i386.deb 
      Size/MD5:   346396 f49f1d306c5c2ffd41df1f85c82ff20a
http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.3.5-1ubuntu4.8.04.1_i386.deb 
      Size/MD5:   201200 3c1851a782a0886f23de434aeaa8d033
http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.3.5-1ubuntu4.8.04.1_i386.udeb 
      Size/MD5:   243222 84dc439ed4697cfee55da2eb67d81698

  lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.5-1ubuntu4.8.04.1_lpia.deb 
      Size/MD5:   665082 22e6aedd01689bb8cad75d1e98f6211e
http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.5-1ubuntu4.8.04.1_lpia.deb 
      Size/MD5:   346596 6f8718573d06a221a4cec2f41411fe21
http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.5-1ubuntu4.8.04.1_lpia.deb 
      Size/MD5:   205444 cbe4313062dee1ee8a06fbced6e9a0d1
http://ports.ubuntu.com/pool/universe/f/freetype/libfreetype6-udeb_2.3.5-1ubuntu4.8.04.1_lpia.udeb 
      Size/MD5:   244208 8388f5dc96acef6cc8a2e375569b450a

  powerpc architecture (Apple Macintosh G3/G4/G5):

http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.5-1ubuntu4.8.04.1_powerpc.deb 
      Size/MD5:   686986 9ddf5f196c576dfae2f53ab2c57df29b
http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.5-1ubuntu4.8.04.1_powerpc.deb 
      Size/MD5:   357360 68496230dd15b13b59dbf8b713bf1f8e
http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.5-1ubuntu4.8.04.1_powerpc.deb 
      Size/MD5:   235472 175aaae30eaa1c46ec8653e104794682
http://ports.ubuntu.com/pool/universe/f/freetype/libfreetype6-udeb_2.3.5-1ubuntu4.8.04.1_powerpc.udeb 
      Size/MD5:   254308 f2489420c89bbe5009fe0b3b33dcb3fb

  sparc architecture (Sun SPARC/UltraSPARC):

http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.5-1ubuntu4.8.04.1_sparc.deb 
      Size/MD5:   657910 e3b7e8c502de36802d0cd75c22257f67
http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.5-1ubuntu4.8.04.1_sparc.deb 
      Size/MD5:   331172 dfae3b2a457907b6719c0fbf0019eb6f
http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.5-1ubuntu4.8.04.1_sparc.deb 
      Size/MD5:   199666 8181a2d5292df6a775f8a2179120bf8e
http://ports.ubuntu.com/pool/universe/f/freetype/libfreetype6-udeb_2.3.5-1ubuntu4.8.04.1_sparc.udeb 
      Size/MD5:   227644 e945304ee5c12b57850c91cc6b2ef903


--bAmEntskrkuBymla
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Kees Cook  

iEYEARECAAYFAkjJmz0ACgkQH/9LqRcGPm3BzgCgloLrOT6GcmZT7ttbeaZ03Wu5
na8AniCRAGu/dSMTcpwazzOx/iMe73W5
=ux7R
-----END PGP SIGNATURE-----

--bAmEntskrkuBymla--

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH